General
-
Target
5dd2b50676c046f0da630781fb72d935
-
Size
100KB
-
Sample
240115-xgv7nadban
-
MD5
5dd2b50676c046f0da630781fb72d935
-
SHA1
4893bf764a4c9f9d971cd701ae6db4687e566ccf
-
SHA256
ed34e497e811096b994a88cf03639bf435902d2f6d0a06a173e72552db90cce1
-
SHA512
772bce96633f497258ae4ba23ae05999de52fdaca6505d9e4fc40ac1cf446c1b2d318b4fabda871e2478a571bd5bcf08845675138a8f315a8edddfd70b034acf
-
SSDEEP
3072:OHo5e5op+dFDPojGvnYnMNGVk8jwaaHw7Koj4rDMkf:OypuoCvnYMfV
Malware Config
Targets
-
-
Target
5dd2b50676c046f0da630781fb72d935
-
Size
100KB
-
MD5
5dd2b50676c046f0da630781fb72d935
-
SHA1
4893bf764a4c9f9d971cd701ae6db4687e566ccf
-
SHA256
ed34e497e811096b994a88cf03639bf435902d2f6d0a06a173e72552db90cce1
-
SHA512
772bce96633f497258ae4ba23ae05999de52fdaca6505d9e4fc40ac1cf446c1b2d318b4fabda871e2478a571bd5bcf08845675138a8f315a8edddfd70b034acf
-
SSDEEP
3072:OHo5e5op+dFDPojGvnYnMNGVk8jwaaHw7Koj4rDMkf:OypuoCvnYMfV
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1